I'm currently caught in an ongoing prank battle with my friend, and I have a question regarding the next prank I'm planning to pull.

Basically, I want to phish my friend's Facebook username and password so I could then post a funny status from his account (I wouldn't do anything harmful). I already registered a website from a free webhost, and written a form that'll trick my friend into inputting his account information; but I want to get some feedback before I actually upload the files, as this is my first attempt at phishing, and I'm a little paranoid.

So, the question I have is: What is the probability that I'll be caught, and face legal action?

Note:-My friend wouldn't report me; he would get the prank.-I'm only planning to phish my friend. No one else.-I would relinquish his username and password after I'm done with the prank.

They are illegal but the likelihood of being caught and prosecuted is low unless you are using them to make money or are sending them to thousands of people. Probably these pages will just provoke a cease & desist notice and be removed by the host.

"Don't include a single line in your code which you could not explain to your grandmother in a matter of two minutes."

I'm currently caught in an ongoing prank battle with my friend, and I have a question regarding the next prank I'm planning to pull.

Basically, I want to phish my friend's Facebook username and password so I could then post a funny status from his account (I wouldn't do anything harmful). I already registered a website from a free webhost, and written a form that'll trick my friend into inputting his account information; but I want to get some feedback before I actually upload the files, as this is my first attempt at phishing, and I'm a little paranoid.

So, the question I have is: What is the probability that I'll be caught, and face legal action?

Note:-My friend wouldn't report me; he would get the prank.-I'm only planning to phish my friend. No one else.-I would relinquish his username and password after I'm done with the prank.

I hope this post isn't against the forum policy.

Why not just send a keylogger in a pic? Send it and use the prank as the reason why you are sending it, like social engineer him into it. Send it in a e-mail and tag it something like: I won the prank now, check out this pic!! hahaIt would seem logical and believable to an extent I suppose other than redirecting your friend to a URL that's not facebook at all.

Chances of getting caught, nearly impossible if it's not in search engines.

Technically it is and normally we would have to lock this. However, I think we'll let this slide for a moment for educational purposes seeing you are asking more about the attacks themselves, and not so much how to do them.

"The quieter you become, the more you are able to hear...""Drink all the booze, hack all the things."

I'm trying to pull a similar prank but my index.html file on webhost only sends me to the webhost error page. I've scrolled over the file and it says that I may need to change my language. How do I do that and why do I need to?

This makes me think of another related question too.Could you change someones DNS cache or ARP or w/e it is to redirect to a fake site when facebook.com is typed in?Rather than trying to phise with a similarly named site?

-- Wed Feb 27, 2013 11:35 pm --

and ninjex, ive heard of that before and would like to know, how do you embed code into an image or other file?

also as far as phising, to make it believeable, i think he can set the URL that will appear in the navigation box.

also i doubt you need to actually change the language, thats probably just a recommendation that the default error page makes, there's likely just an error in the HTML markup for your page.